Page tree
Skip to end of metadata
Go to start of metadata

Terraform Quickstart

Hashicorp is an excellent company - I have used vagrant in the past - terraform works very well.

Terraform does not maintain state in the account (via a CloudFormation stack) - it uses a local .tfstate file.

Also use vault for secrets, use terragrunt as a wrapper. - extract out and move the binary. 

Follow and

AWS key/secret are in ~/.aws/credentials and config for the region for the config.ts details.

The AWS provider as part of terraform is internal and not directly related to the native AWS CLI - AWS Developer Guide#AWSCLI

Installing Terraform

Check for the latest 20190822 version in

20200206: v0.12.21

I usually run terraform on a jump box when running multiple laptops.

$sudo cp ~/Downloads/terraform /usr/local/bin
$terraform -version
Terraform v0.12.2

Install AWS CLI to provide credentials

The AWS credentials will be installed and ready for terraform - see AWS Developer Guide#AWSCLI or just do an

aws configure

Linux/Ubuntu Terraform Installation

# the ec2 vm even if it is ubuntu instead of amazon linux will have the aws secret key provisioned if the AWS CLI was installed 

- verify
ubuntu@ip-172-31-94-184:~$ ls ~/.aws
config  credentials
ubuntu@ip-172-31-94-184:~$ cat ~/.aws/credentials 
aws_access_key_id = A**
aws_secret_access_key = Dl****l

# get the latest
$ sudo apt install unzip
$ sudo unzip terraform
  inflating: terraform               
$ sudo cp terraform /usr/local/bin
$ sudo chmod 777 /usr/local/bin/terraform 
$ exit

# upload a minimal template
obrienbiometrics:terraform michaelobrien$ scp                                                   100%  102     1.1KB/s   00:00
# go back into the box    
obrienbiometrics:terraform michaelobrien$ ssh

$ terraform init
* version = "~> 2.17"
Terraform has been successfully initialized!

$ terraform apply

Local Terraform Installation

sudo cp ~/Downloads/terraform /usr/local/bin/
sudo chmod +x /usr/local/bin/terraform
terraform init
* version = "~> 2.12"
Terraform has been successfully initialized!

# leave out your creds for auto discovery except the region
obrienbiometrics:terraform michaelobrien$ cat 
resource "aws_instance" "example" {
  ami           = "ami-2757f631"
  instance_type = "t2.micro"
provider aws {
  region = "us-east-1"


obrienbiometrics:terraform michaelobrien$ terraform apply
  The region where AWS operations will take place.
Do you want to perform these actions?
  Enter a value: yes
aws_instance.example: Creation complete after 35s [id=i-0c85247989abb315a]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

# see terraform.tfstate
# modify ami
terraform apply
Apply complete! Resources: 1 added, 0 changed, 1 destroyed.
# destroy
terraform destroy
Plan: 0 to add, 0 to change, 1 to destroy.

Windows Terraform Installation

Download the latest 64 bit version 0.12.7 from

Copy the terraform.exe executable into any directory on your path - for example c:/opt/bin

0.12.0 has 2.13, 0.12.7 has 2.26

$ terraform init
Initializing the backend...
Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "aws" (terraform-providers/aws) 2.26.0...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* version = "~> 2.26"

Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

# if you don't have the AWS CLI installed yet - create the aws credentials file and validate it
$ vi ~/.aws/credentials

$ terraform plan
Refreshing Terraform state in-memory prior to plan...
  # aws_instance.example will be created
  + resource "aws_instance" "example" {
      + ami                          = "ami-2757f631"
Plan: 1 to add, 0 to change, 0 to destroy.

$ terraform apply

Instance:  i-0bf09a07a574e5c53Public DNS:

Upgrading Terraform

ubuntu@ip-172-31-94-184:~$ terraform -version
Terraform v0.12.6
+ v2.17.0

Your version of Terraform is out of date! The latest version
is 0.12.19. You can update by downloading from

AWS Provider Examples

or and 


Sync AWS out of band changes 

When you did changes outside of terraform - run terraform init to sync.

terraform init

Resync after AWS account switch

Scenario: create a stack, switch .aws/credentials account, attempt to destroy - successful but 0 actions, now terraform init and attempt to destroy on original account - nothing.

Headless Terraform scripts

Azure Provider Examples



Terraform on an AWS Bastion VM

In order to keep the terraform init configuration in one place - among multiple laptops/accounts - run the templates from a bastion box.


  • No labels

1 Comment

  1. add terraform plan and import (cloudformer)

    check terragrunt gruntwork packages

    check picharm proxy also

    3scale redhat openshift